Hi !
I recently saw on the firewall of my Mac (That of system settings) an incoming authorization rules from com.norton.proxy, what should I do? Is it normal to have this authorization?
Thank You
1 Like
bjm
June 3, 2026, 7:52pm
2
Hello @utilisateur276
Yes — that is usually normal if you use features from Norton such as Secure VPN, Web Protection, Safe Web, Private Browser integration, or traffic scanning/network filtering on macOS.
com.norton.proxy is typically a Norton network proxy/filter component that intercepts or inspects network traffic locally so Norton can provide:
VPN tunneling
malicious website blocking
encrypted traffic inspection
phishing protection
browser/network monitoring
On macOS, these components often request incoming connection permissions through the built-in firewall in System Settings. Seeing an authorization rule for com.norton.proxy by itself is not generally a sign of malware.
A few things you can check:
Open:
System Settings → Network → Firewall → Options
Look for the Norton entry.
Verify the app path points to Norton/Symantec software locations, commonly something like:
/Library/Application Support/Norton/...or a signed Norton component.
If Norton features are working normally and the app is properly signed by Norton, you would usually leave the permission enabled.
You should be more cautious if:
you do not have Norton installed anymore,
the file path looks strange,
the app is unsigned,
or the rule appeared after uninstalling Norton.
In that case, you could:
temporarily block it,
restart,
and see whether Norton protection/VPN breaks.
On newer macOS versions, especially Tahoe/Sequoia-era releases, security apps rely heavily on Apple’s Network Extension framework, so these proxy/filter permissions are much more common than they used to be.
A little more context that may help:
On modern macOS, security software no longer hooks deeply into the kernel the way older antivirus products once did. Apple pushed vendors toward user-space network extensions and local proxy services. Norton’s com.norton.proxy is part of that newer architecture.
So when you see:
“Allow incoming connections”
firewall authorization
local proxy/filter entries
…it often means the component is listening locally on your Mac so other Norton components or browsers can pass traffic through it for inspection. That sounds scarier than it usually is.
A few additional checks you can do safely:
In Activity Monitor, search for “norton” or “proxy”.
In Terminal, you can inspect the code signature:
codesign -dv --verbose=4 "/path/to/the/component"
or simpler:
ps aux | grep norton
If the process is signed by Norton/Gen Digital and located under /Library or Norton application folders, that is expected.
You can also look under:
System Settings → General → Login Items & Extensions
Extensions → Network Extensions
You’ll likely see Norton filtering/VPN/network entries there too.
One important distinction:
“Allow incoming connections” in macOS Firewall does not necessarily mean the internet can freely connect into your Mac.
Often it just allows local inter-process communication or approved network extension behavior tied to the signed application.
If you block com.norton.proxy, common side effects can include:
Secure VPN failing,
Safe Web/web protection not working,
browser protection issues,
Smart Firewall/web filtering problems,
or repeated permission prompts.
So unless you’re troubleshooting a specific Norton networking issue, the safest course is usually to leave the authorization intact.
AI sourced content may make mistakes
Thank you very much it reassures me
1 Like